Ed Ravin writes: > How have other Mailman admins dealt with this?
The only ways to deal with deficient MUAs are Plan A = pander and Plan B = tell their users to suck it up and shut up. I won't do Plan A and have the power to do Plan B, so Plan B is what I use. That doesn't work for everybody, probably does not for a majority of list owners (eg, where the users of deficient MUAs are customers). The situation is not ideal. Yahoo! and AOL knew that going in, they thought about it, and chose to do it anyway. So *we* have to suck it up. There is ongoing work at the IETF to see if we can mitigate the problem better in the future (and Yahoo! at least seems willing to work with those Yahoo!-side mitigations -- AOL has not yet demonstrated an understanding of the issues), but for now we list owners have an unpleasant choice to make. > I wonder if it's possible to to make wrapped messages a user preference, > or have them only turned on for certain domains as discussed previously. > Is this a patch that would be accepted in the future? As Mark mentioned, applying only to posts From domains that use "p=reject" is possible in 2.1.18-1. Acceptance of a patch to make it a user preference might be acceptable (that's entirely up to Mark), but it would have to be carefully done to ensure that *some* mitigation (probably From-munging) would be applied if the list owner specified she wants mitigation. That's because failure to apply to mitigation to messages that would be DMARC rejected affects third parties (to the extent that the bounces can't be identified as DMARC rejects, they will be scored as bounces from those subscribers, and innocent[1] subscribers could have their subscriptions disabled). Footnotes: [1] Though not entirely so. Concealing the fact that the reject was a DMARC policy reject is not useful since it says very little about *destination* policy, even if the destination prefers to conceal its own security policy to present a smaller attack surface. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
